Overview

overview

7

Static

static

3

9637503226...5N.exe

windows7-x64

7

9637503226...5N.exe

windows10-2004-x64

7

$0/Resourc...d.html

windows7-x64

3

$0/Resourc...d.html

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...r.html

windows7-x64

3

$PLUGINSDI...r.html

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PROGRAMFI...gs.exe

windows7-x64

3

$PROGRAMFI...gs.exe

windows10-2004-x64

3

$PROGRAMFI...ot.dll

windows7-x64

3

$PROGRAMFI...ot.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    27-09-2024 19:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $0/Resources/BrowserSearch/alot_search_defend.html

  • Size

    1KB

  • MD5

    32ad78f67cba13b15f746cb9b172c3e7

  • SHA1

    1a9d093b854adb26be538730f31b2de89db80b5d

  • SHA256

    a98eab555814276b5016d687c3945093705dc610a755892a712b7b7a423c5f29

  • SHA512

    95856f4924c5bfc6265e9767c2c0fb2fb4fa10bad780c4152c07c0fe9123f7efa8766d80ab82150755fa75979f4f7af4b3aab2e3181a66cfc91d04caf2f8bf50

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$0\Resources\BrowserSearch\alot_search_defend.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:304
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:304 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bae829c5ebe81cead5585ef8679335d4

    SHA1

    e90601a9568e358e9a5d79a209c2880367c4063d

    SHA256

    11da9f8f9567e0dff3c4a09141b442d9c6c0836f4d362c43f0234e2fb1a24545

    SHA512

    c0cceb4cd30c4a9ed12d5f23e55bf79312296d340b4d059b9b73fb8ad21dc5f69db1916232b1eba30bc891c7400edbc15b4463d389ec0e791a8669cee213fad0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cedf3f10350d5a7ff75ce606871d80bc

    SHA1

    f537c2297c00acd9cb1dc694deb74df122d1e3be

    SHA256

    634765bc8f83ac15ddb17d594ce8848ee9a4d95d9608e6046b0303651f820766

    SHA512

    2d1f32bab3a103e5a5dfca43be9de5a252bd26c52e0ceabd97f60c7eee998fef84c4d5be84ff969de25ea93d5f7ce1f598eb822d9bf41e848570e5b3f7eacee8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb7ae1df4d5798d01e0b17084d18d8f5

    SHA1

    805fff7614a9295dbc7e32e4924158f60586706c

    SHA256

    bc9463b623151203845e80aabecd381076b4f5635a247cbf4c04165c500af826

    SHA512

    fc6dbc0218fbe69bf02af5914cb8d409bf58927b085669692f3f7be47d38ce3a6b4a2687db84b9eddb41c6eeede924fda6400c286983b7e573df913007417a85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91a6ed3321fd9d72fa85cc8e36bf42d7

    SHA1

    ad809d392162ba7564367bc8fbcb09af4db063c8

    SHA256

    fd82dda79f9881cb60594cb0a9ed76389bafbc034d22df7ab8527c19eb3c5804

    SHA512

    516729ba1979ae215628fe74ac736b9613ebf576f4d4eedfaa97822c3842da5d16bb18f7701304f7c59bf95b6b0019574e2b35b9d5e1ac6b9c2a38c94dccc1b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f87e9392d57c499ca39914acb828aae

    SHA1

    545bdef48fd2d4dffb7983efa2e9a540ae26bc54

    SHA256

    ce2b5c94f5fb6917cbd5df6052b7a643b27fe2356015ce5805f8ca8db42f826a

    SHA512

    f98dec0e6394426510700c36d99ce44088102098d2e44c89de3353d37d1d72e38fd33a5127d09614b56af0a1b2590af21466cbf6babc86c0dc737c4171b3384e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6790110e35a7abbfd425ed37b5787281

    SHA1

    921289edd8e7c91d69f7e1d79d57385f0992346e

    SHA256

    8c24a6d204854afd680265e9cdf7de5136a1ccf777e17514944b8e0c63a0e394

    SHA512

    4d6ad5077e65fce21e966f58d47e7bef061a0ffadcf9e7daa2fe12dc796feb8d89e0945d637002f6650e80d55b134c3f769e61b16b68397e9ce88576c57bbfbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9100da30f1965320cd23468addce3caf

    SHA1

    8256b9198d1caa324f1fc1d7996d0533abd9e6fe

    SHA256

    2d1307b8f09b94ce08f574288483bea645105d224c4ef2a20eae264894b5fb78

    SHA512

    8cc7d8c42f7a0e6c07432dca68c5316e46dfbc02184f14fd40cf59c7c4981c49c0c9bc38b179edc069ee78219c222831fc641996496b0d49e1691316f411e8a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b8b062dadd886a82d15ad13af428e36

    SHA1

    f9451d8e5d371cf5f8bd66b0bf50dff978babd5f

    SHA256

    4bd41f85288f810554b743b0f67add733800401af9a91bdce00911026bb73991

    SHA512

    9013c6eb748a0bc6041ac6fc502bec888e78dfc022e4723f37b26f146e3a417699c94c5a45c74175336b14bef3f2d5bb91d0d88d81a928f4926cfaf6a04be612

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df8d3aa12f99b134d81fde26d8e34ab0

    SHA1

    7f7120d858dc6afdec06471178867ef7f21bfdfd

    SHA256

    8a4a39970af7c2f0ae3211ab3524ffd3bb2e09df0151f6fce22a870e4bec4b0a

    SHA512

    010d499f880101298e46a534e482fb4fafc383233124c34a7bff62b44a19da61a9400585d43dde1d0a895c01ebf8819a4115bc310b78259266a5b7c087118ff2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFAB7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFAC9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit